Saal1 16:00

Net neutrality is an essential safeguard for competition, innovation, and fundamental freedoms. The debate is intense in the US following the announcement of the FCC's non-discrimination principles (even if they sound irremediably bound to the interests of the Hollywood industry). In the EU, the "Telecoms Package" has been the ground of intense debate on the issue. Dangerous provisions were voted through, yet a very high level of awareness was raised, giving hope for a further positive outcome of the debate. Why should one care? What can one do about it?

What is Net neutrality? Why is it crucial for the future of our online societies? What is the current state of Net neutrality legislation in the EU? What campaigns has civil society run, and with what results? What will be the next steps?
Net neutrality has been an indispensable catalyst of competition, innovation, and fundamental freedoms in the digital environment. A neutral Internet ensures that users face no conditions limiting access to applications and services. Likewise, it rules out any discrimination against the source, destination or actual content of the information transmitted over the network.
Thanks to this principle, our society collectively built the Internet as we know it today. Except in some authoritarian regimes, everyone around the globe has access to the same Internet, and even the smallest entrepreneurs are on an equal footing with the leading global enterprises. Moreover, Net neutrality stimulates the virtuous circle of a development model based on the growth of a common communication network that enables new uses and tools, as opposed to one relying on investments in filtering and controlling. Only under such conditions does the Internet continuously improve our societies, enhancing freedom (including the freedom of expression and communication) and allowing for more efficient and creative markets.
However, Net neutrality is now under threat from telecom operators and content industries that see business opportunities in discriminating, filtering or prioritizing information flowing through the network. All around Europe, these kinds of discriminatory practices, detrimental to both consumers and innovation, are emerging. No court or regulator seems to have adequate tools to counter these behaviours and preserve the general interest. Some provisions introduced in the EU "Telecoms Package" could even encourage such practices.
We who build, use and love the Internet must be aware and active to protect it.

Saal1 17:15

wikileaks - WikiLeaks Release 1.0

During the last 12 months WikiLeaks representatives have been speaking at numerous conferences, from technology via human rights to media focused, in an effort to introduce WikiLeaks to the world. WikiLeaks has had major document releases that have by now drawn attention in all major newspapers; it has triggered important reforms and has established itself as part of the accepted media reality.

We have had little chance, though, to talk about the bigger picture, especially how we perceive the future and its constraints.
We would therefore like to talk about our vision of the information society, journalism's role in that society, as well as our role in it. Along with this vision we will introduce new features for WikiLeaks Release 1.0 that will be nothing short of changing the world as we all know it.

Saal1 18:30

Philippe Oechslin - Exposing Crypto Bugs through reverse engineering

Breaking good crypto is hard. It takes a genius to find a flaw in AES or Blowfish. On the other hand, it is also difficult to implement cryptography correctly. Thus the simpler way of breaking cryptographic software is often to reverse engineer it and find the crypto errors made by the programmers.

This talk demonstrates the simple errors that were discovered when reverse engineering three products for evaluation or forensic purposes. In each case, a simple error gave access to information that was supposed to be protected by the best crypto algorithms.
The demos will be the following:
- the FIPS 140-2 Level 2 certified MXI Stealth USB key (before it got patched)
- a version of the E-Capsule Private Safe from EISST
- Data Becker's now defunct Private Safe software

Saal1 20:30

Chris Paget, Karsten Nohl - GSM: SRSLY?

The world's most popular radio system has over 3 billion handsets in 212 countries and not even strong encryption. Perhaps due to cold-war era laws, GSM's security hasn't received the scrutiny it deserves given its popularity. This bothered us enough to take a look; the results were surprising.

From the total lack of network-to-handset authentication, to the "Of course I'll give you my IMSI" message, to the iPhone that *really* wanted to talk to us. It all came as a surprise; stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet.
Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS'ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.
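The "weak cipher" the abstract refers to is A5/1, which the abstract itself does not name. The following is an added Python implementation of the A5/1 keystream generator, written for this page after the public description by Briceno, Goldberg and Wagner; it is not code from the talk. It makes the precomputed-table attack concrete: the entire secret state is three LFSRs of 19, 22 and 23 bits (64 bits in total), loaded from the 64-bit session key Kc and a public 22-bit frame number, and the 114-bit keystream bursts it emits are XORed directly onto the air-interface bursts, so known plaintext yields keystream and keystream is what the tables map back to state. The self-check uses the reference test vector (key 12 23 45 67 89 AB CD EF, frame 0x134).

```python
# Added A5/1 keystream generator (illustration, not the talk's code).
# Register layout, taps, clocking bits and output bits follow the public
# Briceno/Goldberg/Wagner description of the cipher.

R1MASK, R2MASK, R3MASK = (1 << 19) - 1, (1 << 22) - 1, (1 << 23) - 1
R1TAPS, R2TAPS, R3TAPS = 0x072000, 0x300000, 0x700080   # feedback taps of each LFSR
R1MID, R2MID, R3MID = 0x000100, 0x000400, 0x000400      # bits used for majority clocking
R1OUT, R2OUT, R3OUT = 1 << 18, 1 << 21, 1 << 22          # output bit (MSB) of each LFSR


def _parity(x: int) -> int:
    return bin(x).count("1") & 1


def _step(reg: int, mask: int, taps: int) -> int:
    """Shift a register left by one, feeding back the XOR of its tap bits."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    """A5/1 initialised with a 64-bit Kc and a 22-bit frame number."""

    def __init__(self, kc: bytes, frame: int) -> None:
        assert len(kc) == 8 and 0 <= frame < (1 << 22)
        self.r1 = self.r2 = self.r3 = 0
        # Key and frame bits are mixed in LSB-first while all three registers are
        # clocked unconditionally (majority rule disabled during loading).
        for i in range(64):
            self._clock_all()
            bit = (kc[i // 8] >> (i & 7)) & 1
            self.r1 ^= bit; self.r2 ^= bit; self.r3 ^= bit
        for i in range(22):
            self._clock_all()
            bit = (frame >> i) & 1
            self.r1 ^= bit; self.r2 ^= bit; self.r3 ^= bit
        # 100 mixing clocks under majority control; their output is discarded.
        for _ in range(100):
            self._clock()

    def _clock_all(self) -> None:
        self.r1 = _step(self.r1, R1MASK, R1TAPS)
        self.r2 = _step(self.r2, R2MASK, R2TAPS)
        self.r3 = _step(self.r3, R3MASK, R3TAPS)

    def _clock(self) -> None:
        """Majority clocking: a register advances only if its control bit agrees with the majority."""
        b1 = (self.r1 & R1MID) != 0
        b2 = (self.r2 & R2MID) != 0
        b3 = (self.r3 & R3MID) != 0
        maj = (b1 + b2 + b3) >= 2
        if b1 == maj:
            self.r1 = _step(self.r1, R1MASK, R1TAPS)
        if b2 == maj:
            self.r2 = _step(self.r2, R2MASK, R2TAPS)
        if b3 == maj:
            self.r3 = _step(self.r3, R3MASK, R3TAPS)

    def _output_bit(self) -> int:
        return _parity(self.r1 & R1OUT) ^ _parity(self.r2 & R2OUT) ^ _parity(self.r3 & R3OUT)

    def burst(self) -> bytes:
        """Next 114 keystream bits, packed MSB-first into 15 bytes (the last byte holds 2 bits)."""
        out = bytearray(15)
        for i in range(114):
            self._clock()
            out[i // 8] |= self._output_bit() << (7 - (i & 7))
        return bytes(out)


def keystream(kc: bytes, frame: int):
    """Return the (downlink, uplink) keystream bursts GSM derives for one TDMA frame."""
    gen = A51(kc, frame)
    return gen.burst(), gen.burst()


if __name__ == "__main__":
    # Reference test vector from the public A5/1 implementation.
    dl, ul = keystream(bytes.fromhex("1223456789ABCDEF"), 0x134)
    print("A->B:", dl.hex())
    print("B->A:", ul.hex())
```

Every burst on a channel is encrypted with the same Kc and a frame number the attacker can read off the air, so recovering the 64-bit state from one known burst (a predictable signalling message is enough) gives Kc for the whole call; that is what the distributed table generation mentioned in the abstract precomputes.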

Saal1 23:00

Fabian Yamaguchi - cat /proc/sys/net/ipv4/fuckups

We will be presenting a number of previously undisclosed network-related design errors, ranging from data-link-layer bugs in Ethernet drivers, across issues in TCP/IP stacks, all the way up to communication infrastructure components on layer 5.
Our focus is on subtle mistakes which do not fall into the memory-corruption category and yet, in combination, provide an attacker with a powerful bag of tricks.

Built around a fictional average company network, we will tell the story of an attack making use of subtle bugs across the layers, all of which are as yet undisclosed. This will include a bug in an Ethernet driver which allows an attacker to bypass MAC- and IP-based filters, bugs in TCP implementations that are assumed to be fixed but aren't, a web cache which confuses itself, and an instant messenger which was fooled by the protocol specification.
All of these bugs share a common property: They are a consequence of insecure design and not of insecure coding-practices.

Saal2 16:00

HaeB - Privacy, openness, trust and transparency on Wikipedia

Wikipedia's enormous growth during this decade, which has made it a "poster child of Web 2.0", has been enabled by its "anyone can edit" philosophy: external credentials are not required, and one still doesn't even need to set up a user account to change the content of one of the planet's most visited websites. This radical openness created unsurprising vulnerabilities (to vandalism, libel, copyright violations, introduction of bias, organized PR activities, etc.), but it is balanced by an equally radical transparency, where even minuscule actions of editors are recorded indefinitely.

This talk will describe some of the structures, methods, and tools that the Wikipedia community has developed over the years to defend the project from these vulnerabilities, and to establish its internal reputation system.
The main focus will be on the investigation of "sockpuppets" (multiple accounts operated by the same person), or rather their abuse. For contributions made without logging into an account, the originating IP address is recorded publicly, so topics like open proxies, Tor or geolocation became important for Wikipedians, and many of them have come to recognize certain IP ranges of certain ISPs immediately...
However, the IP addresses used by logged-in editors are hidden due to privacy concerns, and can only be requested (together with additional data from the HTTP headers: user agents and XFF) by a few trusted users via the "CheckUser" function of the MediaWiki software. On the other hand, the edit history of an account contains a wealth of public information which is analyzed in many ways by Wikipedians. I will describe several of them and relate some of these home-grown methods to results from forensic linguistics and stylometry (research fields with a long history). I will also give a brief summary of statistical concepts, and known fallacies, related to sockpuppet investigations.
At the same time, these tools and techniques can reveal a lot of sensitive information (I will give concrete examples), and highlight the privacy issues that Wikipedia's transparency creates for its contributors.
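As an added illustration of the kind of correlation the abstract describes (this is not Wikipedia's or the speaker's tooling), the Python below scores account pairs on CheckUser-style data (IP range, User-Agent) together with the publicly visible timing of edits. The log lines, account names and weights are constructed for this example; the IPs come from the documentation ranges 192.0.2.0/24 and 203.0.113.0/24.

```python
from collections import Counter, defaultdict
from itertools import combinations
from math import sqrt

# Constructed CheckUser-style log: timestamp|account|IP|User-Agent (XFF omitted).
# Accounts and lines are invented; the IPs are documentation addresses that belong to nobody.
LOG = """\
2009-12-27T21:14:03Z|Alpha|192.0.2.17|Mozilla/5.0 (X11; Linux i686) Firefox/3.5.5
2009-12-27T22:40:11Z|Alpha|192.0.2.17|Mozilla/5.0 (X11; Linux i686) Firefox/3.5.5
2009-12-28T21:02:45Z|Alpha|192.0.2.23|Mozilla/5.0 (X11; Linux i686) Firefox/3.5.5
2009-12-27T21:31:09Z|Beta|192.0.2.17|Mozilla/5.0 (X11; Linux i686) Firefox/3.5.5
2009-12-28T21:20:30Z|Beta|192.0.2.23|Mozilla/5.0 (X11; Linux i686) Firefox/3.5.5
2009-12-28T09:05:52Z|Gamma|203.0.113.8|Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
2009-12-28T10:12:17Z|Gamma|203.0.113.8|Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
2009-12-29T08:58:40Z|Gamma|203.0.113.40|Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
"""


def build_profiles(log: str) -> dict:
    """Per-account view of what CheckUser data plus the public edit history gives an investigator."""
    profiles = defaultdict(lambda: {"prefixes": set(), "agents": set(), "hours": Counter(), "edits": 0})
    for line in log.splitlines():
        ts, account, ip, ua = line.split("|")
        p = profiles[account]
        p["prefixes"].add(".".join(ip.split(".")[:3]))  # aggregate to /24: ranges, not hosts, are what gets recognised
        p["agents"].add(ua)
        p["hours"][int(ts[11:13])] += 1                 # UTC hour of day from the public timestamp
        p["edits"] += 1
    return dict(profiles)


def hour_similarity(a: Counter, b: Counter) -> float:
    """Cosine similarity of two hour-of-day activity histograms (1.0 = identical rhythm)."""
    dot = sum(a[h] * b[h] for h in range(24))
    na, nb = sqrt(sum(v * v for v in a.values())), sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def compare(p: dict, q: dict) -> dict:
    return {
        "shared_prefix": bool(p["prefixes"] & q["prefixes"]),
        "shared_agent": bool(p["agents"] & q["agents"]),
        "hour_similarity": round(hour_similarity(p["hours"], q["hours"]), 2),
    }


def rank_pairs(profiles: dict) -> list:
    """Score every account pair. The weights are illustrative assumptions, not Wikipedia policy:
    a shared /24 alone is weak evidence (large ISPs pool many customers in one range), an identical
    User-Agent string is moderate, and both together with a matching activity rhythm is the
    pattern an investigator would actually follow up."""
    ranked = []
    for a, b in combinations(sorted(profiles), 2):
        ev = compare(profiles[a], profiles[b])
        score = 1.0 * ev["shared_prefix"] + 1.5 * ev["shared_agent"] + 2.0 * ev["hour_similarity"]
        ranked.append((round(score, 2), a, b, ev))
    return sorted(ranked, key=lambda t: t[0], reverse=True)


if __name__ == "__main__":
    for score, a, b, ev in rank_pairs(build_profiles(LOG)):
        print(f"{score:5.2f}  {a:6} {b:6} {ev}")
```

The base-rate fallacy the abstract alludes to is visible in the scoring: on a site with millions of editors, a shared ISP range or a common browser string is expected by chance, so the evidence only becomes meaningful in combination and relative to how many unrelated pairs would show the same match.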

Saal2 20:30

Roger Dingledine - Tor and censorship: lessons learned

Tor was originally designed as a civil liberties tool for people in the West. But if governments can block connections *to* the Tor network, who cares that it provides great anonymity? A few years ago we started adapting Tor to be more robust in countries like China. We streamlined its network communications to look more like ordinary SSL, and we introduced "bridge relays" that are harder for an attacker to find and block than Tor's public relays.

In the aftermath of the Iranian elections in June, and then the late September blockings in China, we've learned a lot about how circumvention tools work in reality for activists in tough situations. I'll give an overview of the Tor architecture, and summarize the variety of people who use it and what security it provides. Then we'll focus on the use of tools like Tor in countries like Iran and China: why anonymity is important for circumvention, why transparency in design and operation is critical for trust, the role of popular media in helping (and harming) the effectiveness of the tools, and tradeoffs between usability and security. After describing Tor's strategy for secure circumvention (what we *thought* would work), I'll talk about how the arms race actually seems to be going in practice.

Saal2 21:45

Qin Liu, Sebastien Sauge - How you can build an eavesdropper for a quantum cryptosystem

This presentation will show the first experimental implementation of an eavesdropper for a quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure for idealised devices, by exploiting physical imperfections (a detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The actual eavesdropping hardware we have built will be shown during the conference.

Quantum cryptography, being based on the laws of physics, was claimed to be much more secure than all classical cryptography schemes. (Un)fortunately physical hardware is not beyond an adversary's control: we present a successful attack on an existing quantum key distribution system exploiting a photon detector vulnerability which is probably present in all existing devices. Without Alice and Bob losing their faith in their secure communication, we recorded 100% of the supposedly secret key.
Single photon detectors based on passively quenched avalanche photodiodes are used in a number of quantum key distribution experiments. A vulnerability has been found in which these detectors can be temporarily blinded and then forced to produce a click [1]. An attack exploiting this vulnerability against a free-space polarization-based quantum cryptosystem [2,3] is feasible. By controlling the polarization of a bright beam, the eavesdropper Eve can force any detector of her choice to fire in the legitimate receiver Bob, such that she gets full control of it without introducing additional errors. This allows Eve to run an intercept-resend attack without getting caught, and to obtain a full copy of the transmitted secret key. We have fully demonstrated this attack under realistic conditions on an installed fiber-optic quantum key distribution system. The system uses polarization encoding over 290 m of optical fiber spanning four buildings. A complete eavesdropper has been built, inserted at a mid-way point in the fiber line, and 100% of the secret key information has been recorded. Under attack, no significant changes in the system operating parameters have been observed by the legitimate users, who have happily continued to generate their 'secret' key.
[1] V. Makarov, New J. Phys. 11, 065003 (2009). [2] I. Marcikic, A. Lamas-Linares, C. Kurtsiefer, Appl. Phys. Lett. 89, 101122 (2006). [3] M. P. Peloso et al., New J. Phys. 11, 045007 (2009).
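Why blinding turns a detectable intercept-resend attack into an undetectable one is easy to see in a simulation. The Python below is an added model written for this page, not the authors' hardware or code: it runs a BB84-style polarization protocol three times, with no eavesdropper, with a textbook intercept-resend Eve who resends single photons, and with an Eve whose bright resend pulse makes Bob's blinded detector click only when Bob's basis matches hers. Channel noise, detector efficiency and count-rate matching are deliberately left out, so the honest QBER is exactly zero.

```python
import random
from typing import Optional

RECT, DIAG = 0, 1  # the two polarisation bases of the protocol


def measure(bit: int, basis: int, meas_basis: int, rng: random.Random) -> int:
    """Single-photon measurement: the matching basis reproduces the bit, the other basis is a coin flip."""
    return bit if basis == meas_basis else rng.randrange(2)


def simulate(n_pulses: int, eve: Optional[str], seed: int = 1) -> dict:
    """Run n_pulses of BB84 with no Eve, an 'intercept-resend' Eve, or a 'blinding' Eve.

    Returns the sifted-key length, the QBER Alice and Bob observe, the fraction of the
    sifted key Eve knows, and how many of Bob's detection events survived.
    """
    rng = random.Random(seed)
    sifted = errors = eve_correct = detections = 0
    for _ in range(n_pulses):
        a_bit, a_basis, b_basis = rng.randrange(2), rng.randrange(2), rng.randrange(2)
        e_bit = None
        if eve is None:
            b_bit = measure(a_bit, a_basis, b_basis, rng)
        else:
            # Eve measures Alice's photon in a random basis, just as Bob would.
            e_basis = rng.randrange(2)
            e_bit = measure(a_bit, a_basis, e_basis, rng)
            if eve == "intercept-resend":
                # Resend a single photon: when Bob's basis differs from Eve's, his result is a
                # coin flip, so Eve's wrong basis guesses show up in the sifted key as errors.
                b_bit = measure(e_bit, e_basis, b_basis, rng)
            elif eve == "blinding":
                # Resend a bright pulse into blinded detectors. If Bob's basis matches Eve's,
                # all the light lands on the detector for e_bit and it clicks. If not, the light
                # splits between Bob's two detectors and neither crosses its threshold: no click.
                if b_basis != e_basis:
                    continue
                b_bit = e_bit
            else:
                raise ValueError(f"unknown eavesdropper mode {eve!r}")
        detections += 1
        if a_basis != b_basis:
            continue  # thrown away during public basis sifting
        sifted += 1
        if a_bit != b_bit:
            errors += 1
        if e_bit is not None and e_bit == a_bit:
            eve_correct += 1
    return {
        "sifted": sifted,
        "detections": detections,
        "qber": errors / sifted,
        "eve_knowledge": eve_correct / sifted if eve else None,
    }


if __name__ == "__main__":
    for mode in (None, "intercept-resend", "blinding"):
        print(mode, simulate(20000, mode))
```

In the blinding run every event that survives sifting has Alice, Eve and Bob all in the same basis, so Bob's bit is Eve's bit is Alice's bit: zero added error and a complete copy of the key. The one observable this toy model does show is that Bob's raw click rate halves; in the real attack that is hidden because Eve's detectors and her position on the line let her match Bob's expected count rate, which is why the legitimate users saw no change in their operating parameters.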

Saal2 23:00

Peter Stuge - coreboot: Adding support for a system near you

The BIOS and its successor EFI are considered by many to be the final frontier for open source software in commodity PCs. This talk briefly describes the BIOS replacement coreboot (formerly LinuxBIOS) and then focuses on what is required to bring up a PC from power on to where an operating system can run, and how coreboot approaches the problem.

A modern PC is quite different from the 1981 original, and while the BIOS still remains, it must now take on several fairly complex challenges. When the original PC with its pre-ISA expansion bus was powered on, most if not all parts of the system were immediately capable of running applications. The PC of today can have several multicore CPUs which are interconnected by HyperTransport, Front Side Bus or QuickPath, DDR3 RAM attached directly to each CPU, and PCI Express, making the situation very different since all these components require complex initialization to be implemented in software.
coreboot celebrates its 10th year in 2009 and many lessons have been learned about contemporary PC hardware. After a brief description of coreboot, a typical PC mainboard is broken down logically, with attention paid to the significant hardware components and how they interact, finally moving on to how support for this mainboard has been implemented in coreboot.
The presentation aims to give a good look into the development process for coreboot, as well as the requirements for adding support for new systems in coreboot.

Saal3 12:45

Oliver Pritzkow, Sven Guckes - Lightning Talks - Day 1

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.

Give a lightning fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk!
Whatever you do - please practise it, and don't be boring. Or else. You have been warned! :-P

Saal3 16:00

aestetix, equinox, Eric Michaud, mc.fly - our darknet and its bright spots

Building a private network to connect your neighbourhood. Why we feel common solutions are terrible on resources and what we think is better.
Get on board.

This talk will give you the opportunity to take a look at the shades of grey of interconnecting hackerspaces and people's networks. Mc.Fly presents ChaosVPN, reborn in its darknet-ish approach and gaining momentum from established hackerspaces in the US and Europe with spaces like NYC Resistor, Pumping Station: One, Noisebridge and c-base. The Agora Network will be presented by Aestetix and Eric, covering the community and technical aspects and what to expect. Equinox will show you the white-ish side called dn42, the old but nice lady that connects mostly German people and younger spaces like sublab and entropia.
Leveraging the efforts of the ChaosVPN network in the US is the Agora Network (currently in private beta). By doing this we avoid duplicating the efforts of everyone involved; we have settled on a standard platform utilising tincd. With hackerspaces popping up very rapidly and successfully in the US over the last 24 months we find this necessary. Agora is a mesh VPN service that serves to tie them all together on a common intranet. On the network people will be hosting machines for VMs, development, file hosting, PBX phone services, and a number of high-performance clusters at the disposal of users, which we are currently developing, including those provided by node users. In the process several universities in the US have asked to join the network for several research opportunities not previously available to them.
dn42 is built with tunnels (OpenVPN, GRE, tinc, etc.) and has BGP running over them, the same dynamic routing protocol the Internet runs on, albeit with fewer networks in the routing table. We will shed some light on both the technical and social aspects of dn42. Our walk starts at the technical foundations and heads over to what BGP allows us to do on a social level. We'll also see how the flow of traffic can be engineered according to external constraints (think your plain asymmetric DSL at home), and last but not least we'll discuss different cases of maliciousness and how they're treated. While dn42 is our playground for testing and modelling all this stuff, most of it applies to the Internet as well.
This talk is somewhere around entry to intermediate level. You should roughly know what an IP subnet, a route and dynamic routing are.

Saal3 17:15

Lorenz - Here Be Electric Dragons

Unnoticed by the average Joe, we are currently experiencing the advent of autonomous machines. This development will undoubtedly result in an epochal change in our way of life. Naturally this has the potential to cause enormous problems. Two key issues will be how to tame the risks these autonomous machines pose and how to deal with the impact their wide proliferation will have on societies. A few years ago these questions were only important in science fiction. Today "killer" applications are no longer an academic topic. Now it is on us to start thinking about these questions and to preemptively develop new practices. Curiously, what might be a large part of the solution has already been central to the hacker community for decades: the hacker ethic.

This talk will address the following topics:
Emancipation of Machines
3 distinct types of machine: (1) directly augments human capabilities (2) machines that augment other machines (3) autonomous machines
Type 3 machines do not need constant human supervision and do not directly improve human capabilities
Type 3 machines can be as simple as a clock
A crossbow attached to a clockwork on a busy marketplace demonstrates the resulting problems
Over the past years type 3 machines have become more numerous and will soon be commonplace
Risk mitigation is only in its infancy: dangerous machines are separated from humans
No convincing solutions for autonomous machines. Asimov's Laws outdated by "killer" applications.
A Social Contract for Machines
Autonomous machines are technologically feasible but held back by other factors
How risk can be moderated by a system approach implementing developer ethics in a new Archimedes oath
How financial instruments can be created to price residual risk and create a social contract for machines
From Protestant to Hacker Ethic
How to mitigate one of the biggest consequences of type 3 machine proliferation: work
Current situation: Protestant work ethic
Changed situation: unemployment the norm/mechanic slaves
Solution: hacker ethic?

Saal3 21:45

Davor Emard - Wireless power transfer

Wireless power is a much-wanted technology. It was already invented by Nikola Tesla in 1888. The speaker read the papers and reproduced the theoretical and practical results. The theoretical idea for highly efficient wireless power transmission is to separate the electric from the magnetic field, because magnetic field lines are closed curves near the device, while the electric field lines reach to infinity and the receiver only needs a common ground (the earth). This is done by special requirements on the sender and receiver antennas (the form of the coil). The antenna form has been modeled in the software nec2 (the xnec2c variant on Debian). A low-cost PET bottle serves as the hull of the coil. Around 200 windings of insulated copper wire are manually applied to the bottle. A transmission range of 10 meters was reached; the power used is 100 mW, from a signal generator with 10 V amplitude at 1 MHz. This will be shown.

Tesla's long-distance, high-power and high-efficiency wireless energy transmission is still a mystery to our technology.
To better understand his claims that power can be transmitted to any distance on Earth with insignificant losses, and to see what challenges this poses to current technology, two simple prototypes of the Tesla Magnifier have been built.
Understanding of the working principle was needed to build the prototypes with modern materials. All data was readily available on the Internet: Tesla's original patents and articles from 1891-1919 related to wireless energy transmission.
This information led to an optimal calculation of the geometry for a Tesla Magnifier, a kind of resonant antenna used to transmit and/or receive power.
In the replicated prototype the oscillatory mode has been determined by measuring the phase and magnitude of current and voltage at the magnifier's feed line.
Some unexpected electrical conditions have been observed which were accurately reproduced using computer models in SPICE (electronic circuit simulation) and NEC2 (antenna simulation and electromagnetic field visualization).
Simulation has revealed the geometry of the field around the Tesla Magnifier; it differs from the field around an ordinary radio antenna (which radiates a transverse electromagnetic wave) and could be a clue to the faster-than-light energy transfer on a planetary scale which Tesla claimed in his patents and articles.

Saal3 23:00

Sandro Gaycken - A Hacker's Utopia

The lecture will explore hacker ideology as a utopian idea. Drawing on utopian theory and technology assessment, it will investigate within which terms hacking can be acknowledged as a utopia, what might be missing for a full-blown societal vision and, most importantly, how technology could actually help to realize utopian ideas (and how not).

Hackers seem to have a vision of the future. It is accessibly engraved in the principles known as the hacker ethic: free and equal access to technology and information, decentralization, privacy, liberty, autonomy of the individual, free learning and education. These are some pillars easily extracted from the hacker values. But do these suffice for a full-blown utopia, a comprehensive societal vision? What of the other aspects of life? How should the economy be dealt with? Or which form of government would suit the hackers' principles and our ways of life? Can some answers to these questions be determined, or at least others ruled out? Should they? And most importantly: can technology, as many hackers seem to believe, realize utopian ideas? The internet as a technological utopia, realizing new degrees of freedom and equality of information, seems to have failed, considering the digital divide and the advent of censorship. Was that perhaps in part due to the lack of a utopian theory behind the technology? My talk will aim at these questions. I will argue that, due to the history of computing, hacking can in fact be understood as an involuntary partial utopia, capable of a few things to which it has actually contributed a lot by means of technology, while not capable of others. This relates to my recent research and a model of a utopian, co-evolutionary development cycle of technology and society. I will also highlight which kinds of elements might in principle be needed to turn hacking from an involuntary and only partly effective, loose set of futuristic ideas into a voluntary and effective vision.

Saal1 00:00

Ray, Stefan 'Sec' Zehl - Hacker Jeopardy

The Hacker Jeopardy is a quiz show.

The well known reversed quiz format, but of course hacker style. It once was entitled "number guessing for geeks" by a German publisher, which of course is an unfair simplification. It's also guessing of letters and special characters. ;)
Three initial rounds will be played, the winners will compete with each other in the final.

Saal1 11:30

The decision made by the German Constitutional Court is THE definition of what election reform really is, and all democracies (not just America) should use the basis of this decision in making the case for banning computerized voting. No more arguing security issues with the experts and accepting compromises that still leave citizens on the sidelines.

Saal1 12:45

Arne Reiners, Juergen Brandner, Michael Mussler, Robert Boehme - A part time scientists' perspective of getting to the moon

We want to use the opportunity the 26C3 presents as a venue to introduce our team.
The Part-Time-Scientists are the first German team participating in the Google Lunar X PRIZE.
Our presentation would kick off with a quick explanation of what the X PRIZE is, the challenges and gains.
The main part of the presentation will then focus on our progress.
That includes a showcase of some hard- and software we're using.
Additionally pictures and videos specifically created for the 26C3.
And a brief overview of the Google Lunar X PRIZE and its overall progress.

Some examples of interesting hardware:
* Xilinx FPGA
* Self designed Boardcomputer (Linux based)
* Special HD CCMOS sensors
* HiRel certified components
* CAD/CAM designs
The presentation will be held by 1-3 members of our team.
So that we have someone from every area of expertise available for possible questions from the audience.
The following Q&A part should prove to be very interesting.

Saal1 16:00

Mike Brennan - Privacy & Stylometry

Authorship recognition based on linguistics (known as Stylometry) has contributed to literary and historical breakthroughs. These successes have led to the use of these techniques in criminal investigations and prosecutions. Stylometry, however, can also be used to infringe upon the privacy of individuals who wish to publish documents anonymously. Our research demonstrates how various types of attacks can reduce the effectiveness of stylometric techniques down to the level of random guessing and worse. These results are made more significant by the fact that the experimental subjects were unfamiliar with stylometric techniques, without specialized knowledge in linguistics, and spent little time on the attacks. This talk will also examine the ways in which authorship recognition can be used to thwart privacy and anonymity and how these attacks can be used to mitigate this threat. It will also cover our current progress in establishing a large corpus of writing samples and attack data and the creation of a tool which can aid authors in preserving their privacy when publishing anonymously.

This research was originally motivated by the idea of using stylometry, which is the study of authorship recognition based on linguistic style, to increase security. Could stylometry be used as an aid for verifying the identity of a user? The first step was to see how stylometry held up against adversarial attacks. We developed two attacks and found that they were devastatingly effective against various methods of stylometry. This turned our goal for the research from looking at how stylometry could increase security by verifying an identity to how attacking stylometry can increase security by helping anonymous authors maintain their privacy and protect their identity.
This research presents a framework for adversarial attacks including obfuscation attacks, where a subject attempts to hide their identity and imitation attacks, where a subject attempts to frame another subject by imitating their writing style. The major contribution of this research is that it demonstrates that both attacks work very well. The obfuscation attack reduces the effectiveness of the techniques to the level of random guessing and the imitation attack succeeds with 68-91% probability depending on the stylometric technique used. This research also provides another significant contribution to the field in using human subjects to empirically validate the claim of high accuracy for current techniques (without attacks) by reproducing results for three representative stylometric methods.
The talk examines the threat that stylometry can pose to anonymity, and what can be done about it. Advice is offered on how to obfuscate your writing style based on what was learned from the subjects in this study. The talk will also discuss current work to create a tool that helps authors hide their writing style. This tool will use a large corpus of existing writing and attack passages in multiple languages along with a variety of stylometric techniques based on different features and machine learning methods. A call for help is also put out to the listeners and readers of this research to participate in the creation of this corpus in multiple languages so the tool can be helpful to as many authors as possible.
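To make the attribution side of this concrete, the following is an added Python example written for this page, not the speaker's research code. It implements one of the classic stylometric methods, a function-word frequency profile with nearest-centroid attribution, on constructed writing samples from two hypothetical authors A and B. The last sample is a crude imitation attack: A-style subject matter written with B's function-word habits, which the classifier attributes to B; that dependence on style features rather than content is the premise behind the obfuscation and imitation results quoted above. The word list and all texts are assumptions made for the example.

```python
import re
from collections import Counter
from math import sqrt

# A small function-word list; real studies use a few hundred such features.
FUNCTION_WORDS = ["the", "a", "of", "and", "to", "in", "is", "it", "that", "which",
                  "but", "so", "however", "therefore", "thus", "whereas", "just",
                  "really", "very", "not"]

# Constructed training samples for two hypothetical authors.
SAMPLES = {
    "A": [
        "The protocol, which was specified in 1991, is therefore older than most of its users. "
        "However, the design, which relies on obscurity, has thus aged badly, whereas the "
        "documentation is very thorough.",
        "The cipher is thus weak, which is not surprising. However, the vendors, whereas they knew "
        "of the weakness, therefore chose to ship it, which the regulators did not question.",
    ],
    "B": [
        "So the protocol is old. Really old. But people just keep using it, so it is not going away. "
        "I think that is a problem, but so does everyone.",
        "The cipher is weak, but that is not news. So the vendors just shipped it. Really. "
        "Nobody asked, so nobody had to answer.",
    ],
}

# Held-out text in A's habits, and A's subject matter rewritten in B's habits (imitation attack).
UNKNOWN_A = ("The standard, which is thus flawed, was however adopted; the committee, whereas it "
             "saw the flaw, therefore ignored it, which is very typical.")
IMITATION_OF_B = ("The standard is flawed. Really flawed. But the committee just adopted it, so that "
                  "is that. Not very typical, but so it goes.")


def profile(text: str) -> list:
    """Relative frequency of each function word; content words carry no weight at all."""
    tokens = re.findall(r"[a-z']+", text.lower())
    counts = Counter(tokens)
    n = max(len(tokens), 1)
    return [counts[w] / n for w in FUNCTION_WORDS]


def centroid(vectors: list) -> list:
    return [sum(col) / len(vectors) for col in zip(*vectors)]


def cosine(u: list, v: list) -> float:
    dot = sum(a * b for a, b in zip(u, v))
    nu, nv = sqrt(sum(a * a for a in u)), sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def attribute(text: str, samples: dict):
    """Nearest-centroid attribution: returns (most similar author, {author: similarity})."""
    unknown = profile(text)
    scores = {author: cosine(unknown, centroid([profile(t) for t in texts]))
              for author, texts in samples.items()}
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    print("held-out A  ->", attribute(UNKNOWN_A, SAMPLES))
    print("A imitating B ->", attribute(IMITATION_OF_B, SAMPLES))
```

The same mechanism explains the obfuscation result: an author who flattens their own function-word habits towards the corpus average lands near every centroid at once, and nearest-centroid attribution degrades to guessing.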

Saal1 20:30

FX of Phenoelit - Defending the Poor

The talk will discuss a class of in-the-wild malware and exploits, the reasons for its success, as well as the reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released.

The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content before using it. Focusing on Adobe Flash content, the security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world.

Saal1 21:45

Henryk Plötz, Karsten Nohl - Legic Prime: Obscurity in Depth

Legic Prime is an artifact from the time when proprietary cryptography in RFID was considered secure enough. We will demonstrate a break for basically any aspect of Legic Prime's claimed security features. If you rely on Legic Prime's security for anything, start migrating.

Legic Prime uses obscurity as one of the main defenses against misuse, with readers and cards not readily available on the free market. The system employs multiple layers of strange and obscure techniques in lieu of proper encryption and cryptographic protocols, but promises great security and management features which other systems are lacking (and lacking for good reason).
Results to be announced in this talk:
* Read arbitrary cards, even read protected ones
* Emulate cards
* Write to cards (the UID can't be changed, though)
* Create arbitrary master tokens for the Master Token System Control

Saal2 11:30

ChristophD - After the Hype

While One Laptop per Child is a widely known, much discussed and often heavily criticized project, little is actually known about the current state of its efforts. So it may come as a surprise to many that almost a million children around the world use their Linux-powered XO-1 laptop in school on a daily basis. This talk will shed some light on this and other interesting developments and look at how FLOSS and global grassroots communities can make a difference in ICT-supported education around the world.

Few initiatives in the ICT sector have received as much public attention in recent years as One Laptop per Child. Still most widely known as the "$100 laptop project" OLPC faced a lot of criticism and suffered some setbacks in recent years. Especially the perceived move away from Linux towards Windows cost the project much good will and many supporters from the FLOSS community. And despite the project's generally high visibility little is known about the very real progress it has made in increasing educational opportunities by distributing almost a million laptops to children in some of the poorest countries around the planet. And yes, more than 99% of them run Sugar, the open-source software originally developed by OLPC and now coordinated by the independent Sugar Labs community.
Hence this talk will focus on:
* the current state of One Laptop per Child and Sugar Labs
* what is happening in the 30 or so countries where OLPC's XO-1 laptops and Sugar software are used by children on a daily basis today
* the work European communities in Austria, France, Germany, Switzerland, the United Kingdom and other countries are doing to support these efforts
* current challenges and *opportunities* for FLOSS technologies, open education approaches and global grassroots efforts in improving ICT-supported education around the globe

Saal2 14:00

eli skipp
Homewreckery

Integrating technology into fiber arts continues to be an intensely popular subject – in the words of an old teacher: "Fashion will always be a good market, because everyone loves clothes." With the creation of things like Lilypad Arduinos and flex resistors the medium is moving forward in leaps and bounds.

My talk will discuss awesome uses of it, projects that I've done, and how to do it. Subjects will include using flex sensors in conjunction with Lilypads, LEDs and conductive thread, using gyroscopes to put turn signals into clothing, creating efficient tactical work clothing like utility belts and aprons, creating soft instruments with examples like Jasna Delic's "Warm Strings," and making printed circuit boards with embroidery machines and conductive thread. Because most examples are physical, wearable, and easy to carry around, both physical and photographic examples are presentable!

Saal2 16:00

Cristiano Marinho, Helena Klang
Cybernetic Cannibalism

What is there in common between The Cannibalist Manifesto, written by the Brazilian poet Oswald de Andrade in 1928, and online file sharing in the 21st century? What is the cultural diversity of Brazil – a society in constant formation – able to offer us to analyze the remix culture in the digital age? This work aims to investigate why Brazil's culture is revealed as an inspiration for concepts such as Free Culture and how the country was transformed into a laboratory of experimentation of new roads for the intellectual property debate.

âOnly the cannibalism unites us. Socially. Economically. Philosophically.â This statement of Oswald de Andrade (1890 - 1954) was published in The Cannibalist Manifesto* , in 1928, six years after the Semana de Arte Moderna [Modern Art Week], landmark of the Brazilian modernist movement. In the Manifesto, Andrade recounts the history of the Brazilian civilization by means of well sharp metaphors and affirms Brazilâs vocation for cultural cannibalism: âI am only interested in what is not mine. Law of Man. Law of the Cannibal"
The poet afirms that the roots of the Brazilian people are found in the mixture between primitive cultures (Amerindian and African) and European heritage. But, itâs not a matter of extermination or annulment of one by the other. According to the native culture, the cannibalism is an incorporation tactic of the qualities of the one that is eaten. Thus for Oswald, the primitive cannibalism would be a form of critical swallowing of another, the modern one, the civilized. âI asked a man what was the law. He answered me that it was the assurance of the full exercise of possibilities. That man was called Galli Mathias. I ate him.â For him, only the cannibalism would be capable of extract good parts of the civilized world in a process that he called CaraĂ­ba Revolution, when the mixture of the Indian and the white man would arise the new âtechnologised barbarianâ man: "Tupy* , or not tupy, that is the question."
What are the youths of all countries around the planet doing with the digital technology today? We eat, and we eat a lot. We eat the songs of our idols vomit news creations and spread in the net. We eat images from media, we appropriate it, criticize it and subvert it. The bricolage, mash-up or remix techniques presented in the post-modern culture, are nothing more than cybernetic cannibalism. For Lawrence Lessig (2007), âwe could describe it using modern computer terminology as kind of read-write culture. Itâs a culture where people participate in the creation and in the re-creation of their culture. In that sense is read-writeâ.
From the Andradeâs cannibalism concept through ideas of authors like Lessig, Lev Manovich (Russia), Steven Jonhson (US), Massimo Canevacci (Italy), Hermano Vianna (Brazil) and creators like Gilberto Gil (Brazil) and Djs form Rioâs favelas, this work is going to analyze how the remix nature of the Brazilian culture is reflected in the practices of knowledge-sharing and in the public policies here developed. The goal is to contribute for the debate of intellectual propriety not only in Brazil but in the digital culture society
*The Cannibalist Manifesto (Manifesto antropofĂĄgico) was published in the first edition of the Revista de Antropofagia, the vehicle for the Brazilian Cannibalist movement. All Andrade quotes in this proposal are from the same text.
**Thatâs an Oswald joke with the word tupy, which is the native language, and the expression âto beâ, both sounds the same in Latin phonetics.

Saal2 18:30

Sai Emrys
Conlanging 101

Learn about the art/craft of language creation ("conlanging"), and participate in making up a new language on the spot.

This presentation is a talk + a workshop.
The talk will cover:
* why people make languages (aka conlanging)
* what kinds of conlangs there are, with some notable examples
* how one goes about making a language
* audience collaboration to **create a language on the spot**
The workshop (immediately afterwards, in B04) might be:
* continuing work on the group language
* small groups creating their own unique mini-languages w/ guidance
* extended Q&A
* something else entirely made up on the fly
You may also be interested in the [Lojban workshop](http://events.ccc.de/congress/2009/wiki/LojbanWorkshop), 29 Dec 18:30-20:00, in B04.
Read the paper! It's got a lot of extra info & resources.
Feedback appreciated: [http://bit.ly/conlang_talk](http://bit.ly/conlang_talk)
See the language we created & read others' feedback on the [CCC wiki page](http://events.ccc.de/congress/2009/wiki/index.php/Conlanging_101)!

Saal2 21:45

Daniel Dietrich, Rufus Pollock
CKAN: apt-get for the Debian of Data

Componentization – or the atomization of a given resource into 'packages' – has greatly contributed towards the ease with which software developers are able to re-use and build upon each other's work.
We argue that this kind of approach is becoming significantly more important in knowledge development. This talk will discuss the Open Knowledge Foundation's Comprehensive Knowledge Archive Network (CKAN) – a registry for open data, from sonnets to statistics, genes to geodata. CKAN has recently been used in the UK Government's beta for a 'data.gov.uk' site.

Collaborative production and distribution of data is gradually progressing towards the level of sophistication displayed in software. Data licensing is important to this progression, but is often over-examined. Instead we believe the crucial development is componentization. By focusing on the packaging and distribution of data in a shared context, one can resolve issues of rights, reportback, attribution and competition. Looking across different domains for "spike solutions", we see componentisation of data at the core of common concern.
For those familiar with the Debian distribution system for Linux, the initial ideal is of "a debian of data". Through the 'apt' package management engine, when one installs a piece of software, all the libraries and other programs which it needs to run are walked through and downloaded with it. The packaging system helps one 'divide and conquer' the problems of organising and conceptualising highly complex systems. The effort of a few makes re-use easier for many; sets of related packages are managed in social synchrony between existing software producers.
Code got there first
In the early days of software there was little arms-length reuse of code because there was little packaging. Hardware was so expensive, and so limited, that it made sense for all software to be bespoke and little effort to be put into building libraries or packages. Only gradually did the modern complex, though still crude, system develop. These days, to package is to propagate, and to be discoverable in a package repository, is critical to utility. What makes distribution of data the same; what makes it different?
The size of the data set with which one is dealing changes the terms of the debate. Genome analysis or Earth Observation data stretches to petabytes. Updates to massive banks of vectors or of imagery impact many tiny changes across petabytes. At this volume of data it helps to establish a sphere of concern - distributing the analysis and processing across many sets of users, in small slices. Cross-maintenance across different data sets - rebuilding aggregated updates - becomes more important. Having cleanly defined edges, something like a "knowledge API", or many APIs, is envisaged. Each domain has a set of small, concrete common information models. To distribute a data package is to distribute a reusable information model with it -- to offer as much automated assistance in reusing and recombining information as is possible.
Licensing clarity is important because without it one is not allowed to recombine data sources (though there is still a large gap between being allowed and being able). Code got a long way with the legal issues, and differently flavoured Free Software Definitions have gained a good consensus. The state of 'open' data is more uncertain, especially looking at the different ways of asserting the right to access and to reuse data in different legislative regions. Open data practice should demonstrate value and utility, so that it becomes a natural choice, and not an imposition. The Open Knowledge Definition is an effort to describe the properties of truly open data.
Knowledge and Data 'APIs'
Open knowledge research projects are carried out in an atmosphere of "fierce collaborative competition". The Human Genome Analysis project was a shining example: slices of source data were partitioned out to a network of institutions. Near-to-realtime information about the analysis results led to the redirection of resources and support to centres which were performing better. In the context of open media, people are also "competing to aggregate", to compile not mere volume but more cross-connectedness into indexes and repositories of common knowledge.
Progress on the parts is easier to perceive than on the whole. In the parts, the provenance is clear -- who updated data when and why, and how it was improved. The touchstones are to improve reusability, accuracy, and currency of data. Working with subsets of datasets, in the absence of significant hardware or bandwidth barriers, anyone can start to carry out and contribute analysis from home. Knowledge is given back into a publicly available research space, making it easier to build on the work of others. The more people who access and analyse data, the more value it has to everybody.
As open source software has shown so well, "openness" is complementary to commercial concerns, not counter to them. As the GPL encourages commercial re-use of code, open knowledge is of benefit to commercial activity. Providing a "reference system" and a common interface, more "added value" applications are built on a base layer. The ability to monitor and report in near to realtime on the basis of package development can be useful to more than the "funded community"; it provides real validation of a working (or non-working) business model.
What Do We Mean by Componentization?
Componentization is the process of atomizing (breaking down) resources into separate reusable packages that can be easily recombined. Componentization is the most important feature of (open) knowledge development as well as the one which is, at present, least advanced. If you look at the way software has evolved, it is now highly componentized into packages/libraries. Doing this allows one to 'divide and conquer' the organizational and conceptual problems of highly complex systems. Even more importantly it allows for greatly increased levels of reuse. The power and significance of componentization really comes home to one when using a package manager (e.g. apt-get for debian) on a modern operating system. A request to install a single given package can result in the automatic discovery and installation of all packages on which that one depends. The result may be a list of tens – or even hundreds – of packages in a graphic demonstration of the way in which computer programs have been broken down into interdependent components.
Atomization
Atomization denotes the breaking down of a resource such as a piece of software or collection of data into smaller parts (though the word atomic connotes irreducibility it is never clear what the exact irreducible, or optimal, size for a given part is). For example a given software application may be divided up into several components or libraries. Atomization can happen on many levels.
At a very low level when writing software we break things down into functions and classes, into different files (modules) and even group together different files. Similarly when creating a dataset in a database we divide things into columns, tables, and groups of inter-related tables. But such divisions are only visible to the members of that specific project. Anyone else has to get the entire application or entire database to use one particular part of it. Furthermore anyone working on any given part of the application or database needs to be aware of, and interact with, anyone else working on it -- decentralization is impossible or extremely limited.
Thus, atomization at such a low level is not what we are really concerned with, instead it is with atomization into Packages:
Packaging
By packaging we mean the process by which a resource is made reusable by the addition of an external interface. The package is therefore the logical unit of distribution and reuse and it is only with packaging that the full power of atomization's "divide and conquer" comes into play – without it there is still tight coupling between different parts of a resource.
Developing packages is a non-trivial exercise precisely because developing good stable interfaces (usually in the form of a code or knowledge API) is hard. One way to manage this need to provide stability but still remain flexible in terms of future development is to employ versioning. By versioning the package and providing 'releases' those who reuse the packaged resource can stay using a specific (and stable) release while development and changes are made in the 'trunk' and become available in later releases. This practice of versioning and releasing is already ubiquitous in software development – so ubiquitous it is practically taken for granted – but is almost unknown in the area of open knowledge.
Componentization for Knowledge
We are currently at a point where, with projects such as Wikipedia, we have powerful examples of the first three principles in action but little or none on the fourth. In the early days of software there was also little arms-length reuse because there was little packaging. Hardware was so expensive, and so limited, that it made sense for all software to be bespoke and little effort to be put into building libraries or packages. Only gradually did the modern complex, though still crude, system develop.
The same evolution can be expected for knowledge. At present knowledge development displays very little componentization, but as the underlying pool of raw, 'unpackaged', information continues to increase there will be increasing emphasis on componentization and the reuse it supports. (One can conceptualize this as a question of interface vs. the content. Currently 90% of effort goes into the content and 10% goes into the interface. With components this will change to 90% on the interface and 10% on the content.)
The change to a componentized architecture will be complex but, once achieved, will revolutionize the production and development of open knowledge.
The Comprehensive Knowledge Archive Network (CKAN)
Our CKAN project aims to encourage and support the emergence of a culture where knowledge packages can be easily discovered and plugged together as is currently possible with software. Named after software archives such as CPAN for Perl, CTAN for TeX, CRAN for R and so on, it is a registry for knowledge resources. It is currently in beta and consists of a versioned database of metadata for large datasets and substantial collections of knowledge resources – 'from genes to geodata, sonnets to statistics'. It gives the 'lowest common denominator' of metadata for its packages: author, id, license, user-generated tags, and links. We plan to add support for domain specific metadata. We are also planning to make provision for the automated installation of knowledge packages.

Saal2 23:00

Philippe Langlois, Vanessa Brunet
SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system

SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) was connected to it. Now it's getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowadays more and more accessible, and as such increasingly vulnerable. So we're getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form.

Attacking the SS7 network is fun, but there's a world beyond pure SS7: the phone system applications themselves, and most notably what transforms phone numbers into telecom addresses (also known as Point Codes, DPCs and OPCs; Subsystem Numbers, SSNs and other various fun.), and that's called Global Title Translation. Few people actually realize that the numbers they are punching on their phone are actually the same digits that are used for this critical translation function, which translates them into the mythical DPCs, SSNs and IMSIs. More and more data is now going through the phone network, creating more entry points for regular attacks to happen: injections, overflows, DoS by overloading capacities. And we have an ally: the mobile part is opening up, thanks to involuntary support from Motorola, Apple and Android. We'll study all the entry points and the recent progress in telecom security attacks.
--
Bio Philippe Langlois
Founder of P1 Security and Senior Security Consultant for Telecom Security Task Force.
Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France's first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (RSA, COMDEX, Interop, HITB Dubai, Hack.lu). You can reach him through his website at: http://www.p1security.com

Saal3 11:30

Travis Goodspeed
Building a Debugger

The GoodFET is an open source tool for programming microcontrollers and memories by SPI, I2C, JTAG, and a slew of vendor-proprietary protocols. In this lecture, the design of the GoodFET will be explained in detail, and various semi-proprietary protocols will be discussed in depth. Leading toward the future, methods of packet sniffing proprietary protocols will be discussed. Finally, the BadFET – a voltage glitching variant of the GoodFET – will be introduced.

This lecture begins with a brief introduction to microcontroller debugging devices, along with packet captures of each. These include asynchronous serial (UART bootloaders), synchronous serial protocols (AVR ISP, Chipcon), and JTAG (MSP430, ARM). After these have been introduced, the talk continues by showing packet captures of each as implemented on the GoodFET. Attention is also paid to the security vulnerabilities of each debugging protocol, its access controls, and methods of circumventing those access controls.
The GoodFET is the device that I used to break Chipcon's line of Zigbee SoC devices for BlackHat USA.

Saal3 12:45

Oliver Pritzkow, Sven Guckes
Lightning Talks - Day 2

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.

Give a lightning fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk!
Whatever you do - please practise it, and don't be boring. Or else. You have been warned! :-P

Saal3 16:00

The project develops a stand-alone device in a small form factor that is capable of rendering MilkDrop-esque visuals effects in real time, with a high level of interaction with many sensors and using live audio and video streams as a base.
The flexibility of the FPGA used as a central component enables advanced users to modify the design, and also permits compact integration of many interfaces (Ethernet, OSC, MIDI, DMX512, video inputs), making Milkymist™ a platform of choice for the mobile VJ.
But Milkymist™ is more than a visual synthesizer - it is also one of the leading open source system-on-chip designs. It is today the fastest open source system-on-chip capable of running Linux, and it comes with an extensive set of features and graphics accelerators.
The IP cores that make up the system-on-chip are entirely written in open source synthesizable Verilog HDL and come with test benches and documentation, which makes Milkymist™ a great library of re-usable logic cores to serve as a base for other open source hardware.
Project homepage: http://www.milkymist.org
The conference focuses on the technical aspects of the project. Live demonstration included!

Saal3 17:15

wesen
Advanced microcontroller programming

A lecture showing the result of one year of intense programming with the AVR microcontroller family, showing language tricks, showcasing devices like the at90usb* and the xmega families, and lots of entertaining war stories and grisly technical details.

A lecture showing the result of one year of intense programming with the AVR microcontroller family, including:
- "agile" development (buzzwordiness aside: a number of interesting approaches)
- C++ on a microcontroller: a perfect match
- building a "GUI" library
- optimizing the size of your firmwares
- debugging microcontroller firmwares
- in-system profiling
- and much more!

Saal3 18:30

Collin Mulliner
Fuzzing the Phone in your Phone

In this talk we show how to find vulnerabilities in smart phones. Not in the browser or mail client or any software you could find on a desktop, but rather in the phone specific software. We present techniques which allow a researcher to inject SMS messages into iPhone, Android, and Windows Mobile devices.

This method does not use the carrier and so is free (and invisible to the carrier). We show how to use the Sulley fuzzing framework to generate fuzzed SMS messages for the smart phones as well as ways to monitor the software under stress. Finally, we present the results of this fuzzing and discuss their impact on smart phones and cellular security.

Saal3 20:30

Florian Echtler
Reverse-Engineering DisplayLink devices

DisplayLink produces nice, useful USB graphics adapters. Unfortunately, they had no real Linux support. In this talk, we'll describe how we first reverse-engineered the encryption and basic protocol, prompting DisplayLink to actually release a Linux driver on their own. However, their driver still doesn't support compression. In the second part, we'll therefore describe how we reverse-engineered the compression algorithm.

Saal3 21:45

nibbler
"Haste ma'n netblock?"

In times of the omnipresent scare of IPv4 address shortage and price tags on Internet resources that are raised on a yearly basis, some people look for creative means of securing themselves parts of "pre-owned" IP space. This space comes from the various early birds on the net. From major corporations to the US Military: nobody is safe from getting his unused IP assets nicked. This talk will explain the ways IP assignments are made and how clever and not so clever, greedy and not so greedy IP thieves can get into the possession of valuable IP assets.

The talk will be structured in three parts:
- History and current practices of IP assignments worldwide.
  - what happened before the Regional Internet Registries (RIRs) were founded
  - how did the RIRs allocate/assign IP blocks and other resources back then
  - some words about past and current policy towards the end of the happy IPv4 days
- Methods of recovering IP space
  - the procedure for legit owners
  - flaws that can be exploited
  - how I got into possession of four 3-digit ASNs
  - real world example of a group that apparently has balls of steel piling up /16s of major corporations all over the world.
- The future is bright!
  - shiny happy IPv6 world
  - legal ways the RIPE NCC fights the problem of poorly maintained IP space
  - the end is not near! Due to certain policy changes we will have more IPv4 resources than currently estimated.

Saal1 14:00

Erik Tews
DECT (part II)

After dedected.org was published at 25C3, a lot has changed in DECT security.

This talk provides an update on the security of encrypted DECT calls that use the DSC cipher. This cipher, which is supposed to protect DECT phones from passive eavesdropping, can finally be broken in some scenarios. We also show what has been done so far to improve DECT security and what you can do to get a secure DECT system.

Saal1 16:00

Brian Dunning
The Lost Cosmonauts

I'm going to talk about the benefits of applying critical thinking to stories that we hear in the popular media, and the example I'll be focusing on is the story of the Lost Cosmonauts: Soviet cosmonauts supposed to have died in space, but who were erased from history. We have audio recordings, allegedly from these dying cosmonauts, and we'll apply critical thinking to learn what the real source was.

An introductory talk describing phenomena and presenting an understanding of why they are fallacious and why it's so important that they be debunked. The speaker thinks he can bring some better color to the conference – and some fun – focusing on applied critical thinking. This is a popular talk that the speaker has given at the Center for Inquiry and at the Amazing Meeting in Las Vegas.

Saal1 17:15

Harald Welte
Using OpenBSC for fuzzing of GSM handsets

With the recent availability of more Free Software for GSM protocols such as OpenBSC, GSM protocol hacking is no longer off-limits. Everyone can play with the lower levels of GSM communications.
It's time to bring the decades of TCP/IP security research into the GSM world, sending packets incompatible with the state machine, sending wrong length fields and actually go all the way to fuzz the various layers of the GSM protocol stack.

The GSM protocol stack is a communications protocol stack like any other. There are many layers of protocols, headers, TLVs, length fields that can "accidentally" be longer or shorter than the actual content. There are timers and state machines. Wrong messages can trigger invalid state transitions.
This protocol stack inside the telephone is implemented in C language on the baseband processor on a real-time operating system without any memory protection.
There are only very few commercial GSM protocol stack implementations, which are licensed by the baseband chipset companies. Thus, vulnerabilities discovered in one phone will likely exist in many other phones, even of completely different handset manufacturers.
Does that sound like the preamble to a security nightmare? It might well be! Those protocol stacks never have received the scrutiny of thousands of hackers and attack tools like the TCP/IP protocol suite on the Internet.
It's about time we change that.

Saal1 18:30

Moti Yung
"Yes We Can't!" - on kleptography and cryptovirology

In this talk I will survey some of the results (with Adam Young) on Cryptovirology (the art of employing public key cryptography maliciously as part of a malware attack, such as in ransomware) and the related Kleptography (the art of embedding cryptographic Trojans inside tamper-proof cryptosystems).

I will discuss some of the results and their influence on the limitation of the notion of "trust" in systems, as well as changes to suggested practice of cryptography that followed this research's findings (perhaps as a result of the findings?).

Saal1 20:30

Bre
Peanut Butter and Plastic: Industrial Revolution

The future of manufacturing will be purring next to your computer and plasticizing digital designs into 3D objects. We're at the dawn of the diamond age with portable 3D printers, decentralized manufacturing, digital design and the rise of personal fabrication. Now is the time to join Industrial Revolution 2 and make that dream a reality.
Accompanying this presentation will be a digital design workshop to show designers how to go from digital designs to physical objects.

Cupcakes, lasers, digital designs, open source, 3D objects, and MakerBots will join forces in this presentation to illustrate Industrial Revolution 2. A mix of stories from the past year of developing an affordable, open source 3D printer and footnotes from the cultural rise of personal fabricating machines among tinkerers, designers and people who live in the future.
If you have ideas for things that don't exist yet, this presentation will lay out the blueprint for making those ideas make the transition from the world of imagination to the world of tangible physical objects.
Accompanying this presentation will be a digital design workshop to enable participants to go from digital designs to physical objects.

Saal1 23:00

Dan Kaminsky
Black Ops Of PKI

Saal2 11:30

Eleanor Saitta
Playing with the Built City

Architecture and urban planning play a huge role in our lives, to a degree not always obvious. The city, however, can be seen as just another system—like any other, it can be hacked, illuminating and subverting existing power structures and creating spaces that allow us to be more human and to live richer lives. In this talk, we'll see a bunch of the challenges of the modern city and look at possible responses.

Architecture and urban planning define much of the world we interact with. This has a wide variety of deep and not always immediately obvious effects—everything from the kinds of things we can do in public spaces to the kinds of families we can live with. While the transparency and responsiveness to actual community need varies, even the best architecture is usually conservative. The cities we end up with rarely allow us the kind of flexibility and humanity that we want.
Cities, buildings, infrastructure, all of these things are systems. They are heavily politicized with embodied power structures on a number of different levels—structural, functional, aesthetic, economic, political, and social. At each level, we can intervene, alter those power structures, and create the spaces we need and want. Architecture is generally the domain of the rich and powerful, but it doesn't have to be—we can intervene and hack the city.
During this talk, I'll spend a bit of time exploring the power structures of the modern city at the level of architecture and urban planning. Then, for the bulk of the talk, I'll look at a bunch of different techniques—prototypes for ways we as individuals can subvert the city. Let's get outside the design-culture consumer conversation around architecture and urban futurism, and actually change our cities, one brick at a time!

Saal2 16:00

Dieter Spaar: Playing with the GSM RF Interface

This talk will show what can be done by taking control of the GSM RF part of a mobile phone, for example performing a DoS attack against the GSM network or using the phone as a sniffing device.

If the RF hardware of a mobile phone can be controlled, lots of things are possible, for example:
- Sending continuous Channel Requests, which can lead to a huge load on a GSM cell and could be considered a DoS attack against the GSM network.
- Using a mobile phone as a cheap GSM receiver for sniffing the air traffic, somewhat similar to what can be done with the USRP.

Saal2 17:15

Steven J. Murdoch: Optimised to fail

The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer's debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous design errors, which could be exploited by criminals.

Banks throughout Europe are now issuing hand-held smart card readers to their customers. These are used, along with the customer's bank card, for performing online banking transactions. In this talk I will describe how we reverse-engineered the cryptographic protocol used by these readers, using some custom-designed smart card analysis hardware. We discovered several flaws in this protocol, which could be exploited by criminals (and some already are). This talk will explain what vulnerabilities exist, and what the impact on customers could be.

Saal2 18:30

Christiane Ruetten: I, Internet

The actions of a highly networked group of individuals cannot be explained as the sum of the actions of individuals. Let's explore how far we are along with evolving collective consciousnesses and what's on their minds. With the Internet, the individual's ability for inward and especially outward communication is unprecedented in history. Millions of individuals are sharing thoughts and observations through social networks. The faster and more efficiently the information flows within such a network, the harder it becomes to distinguish these processes from the activity in a biological neural network (brain).

One of many thriving examples of an Internet-based social network is Twitter. A typical Twitter neuron can reach between 50 and 200 neighboring neurons. Spread-worthy information will pass this filter layer on to their respective neighbors and so on. Thus a typical Twitter neuron can reach 2,500 to 40,000 other neurons within just two hops, as long as the information is worth spreading.
When analyzing the social graph, you will find highly networked clusters of individuals that share common interests. Once an important piece of information reaches such a cluster, the ongoing, mostly internal discussion significantly raises local activity, which in turn will alert neighboring clusters, say of CIOs and media analysts, who will pick out the relevant bits of information and carry them on to the next clusters or even out of the network. The immense will-power and the common consciousness of the Twitter network just became apparent with the digital uprising against the Internet censorship law of the German government.
Our keyboards and screens have become our cyborg explants, and the Internet has become our up- and downlink into the collective. Social networks on the Internet are much more than the sum of their parts, and the political class has just been given a taste of what is coming.

Saal2 20:30

Henryk Plötz: Technology of the new ePA

Saal2 21:45

Benjamin Kellermann: Privacy-Enhanced Event Scheduling

Event schedulers, well-known from groupware and social software, typically share the problem that they disclose detailed availability patterns of their users. This talk distinguishes event scheduling from electronic voting and proposes a privacy-enhanced event scheduling scheme.

Based on superposed sending and Diffie-Hellman key agreement, it is designed to be efficient enough for practical implementations while requiring minimal trust in a central entity. Protocols to enable dynamic joining and leaving of participants are given, and a Web 2.0 implementation is presented.

Saal2 23:00

Aaron Muszalski: Weaponizing Cultural Viruses

What does it mean to fight a culture war? How does culture propagate through a population? What is a meme? And why are some cultural memes more virulent than others?
As the capitalist corporate monoculture further asserts its global hegemony, it is vital that individuals become more skillful in their resistance to it. In a hyper-connected world, the most powerful vector of resistance is that of memetics, the core unit of cultural belief. A culture war is, fundamentally, a memetic war.

Thus the modern revolutionary must learn to intentionally engineer memes that can not only survive in competition with those of the dominant culture, but thrive. Hackers, already adept at identifying and leveraging vulnerabilities in computer systems, are the ideal candidates to identify and exploit the memetic vulnerabilities of cultural systems.
This talk will explore memetic viral engineering as a mechanism for cultural change. Specifically, how such cultural viruses can be most effectively weaponized by crafting their content not only to maximize the rate of infection, but subsequent retention and integration. This conversion of the transmitted meme into mass action is the primary aim of revolutionary memetics.
A basic introduction to memes and memetic theory will be presented. The difference between a classic Dawkins/Blackmore meme and an Internet meme will be clarified, and their relationship in the context of memetic resistance will be explored. Basic virology will also be introduced, as it will be used as the primary (though not sole) analytical metaphor.
Key mechanisms of memetic transmission will be identified and a simplified model of memetic valuation will be introduced. Strong and weak vectors of memetic infection will be discussed, as will the concepts of memetic progenitors and domain crossover. Memetic immune systems will be analyzed, and potential exploits explored. Inflection points - places where small pushes have large impacts - will be introduced, along with methods for their identification. The need for meme-splitting will be explained, and prime memetic candidates for metastasizing hacker/maker culture will be identified. The immediate benefits and the long-term advantages of such an effort will be discussed. The use of digital communication systems in memetic warfare will be explored, both as testbeds (e.g., Twitter as memetic petri dish) and as infection vectors.
The potential of memetic resistance against monolithic power structures such as global corporatism and religious fundamentalism will be assessed. The semantics of memetic resistance will be discussed, particularly in the context of contemporary propaganda systems, such as the United States' "Global War on Terror". Illuminating historical and cultural references will be cited, humorous anecdotes will be told and, in the laughter that follows, a fleeting glance between two members of the audience will lead to a vigorous stand-up shag in the nearest IDF closet, and the two will go on to become iconic revolutionary agitators who bring down too-proud nations worldwide, as well as a significant portion of the network in the Congress Center.
FNORD.

Saal3 12:45

Oliver Pritzkow, Sven Guckes: Lightning Talks - Day 3

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.

Give a lightning fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk!
Whatever you do - please practise it, and don't be boring. Or else. You have been warned! :-P

Saal3 16:00

rodent: DDoS/botnet mitigation & hosting online communities

After many years of hosting BBSes, ISPs, websites, game servers, forums, IRC networks, and online communities, I've accrued experience dealing with the negative influences of DoS/DDoS, botnets, trolls, flooders, spammers, phishers, and the whole lot. I want to talk about the challenges, and the victories.

Using whatever tools are necessary to achieve the goal: basically keeping services up for the users while maintaining security, secrecy/privacy, and balance. Tracking and attacking/reporting botnets, social engineering, dealing with trolls, flooders and other negative influences.

Saal3 20:30

L. Aaron Kaplan: Location tracking does scale up

For a long time we warned of the perils of full-scale, permanent tracking of persons by the state or corporations. Cell phones, data retention laws and other surveillance techniques close down the freedoms of the net. But none can be as pervasive as the permanent location updates sent to Apple and Google via your smartphone and laptop. With a precision of 10 m to 20 m, BSSID-based location tracking has become the ultimate global tracking of persons. This talk will describe weaknesses and trends in current location tracking methods. The Internet learned to locate you in 2009!

Skyhook Wireless is a small company focusing on providing high quality location based services to the world.
To quote from their webpage:
"Skyhook Wireless' XPS is the world's first true hybrid positioning system. Combining the unique benefits of GPS, Cell Tower triangulation and Wi-Fi Positioning, mobile consumers no longer have to wait minutes for a response or cope with inaccurate location."
Customers include Apple (iPhone and Snow Leopard use Skyhook Wireless) and Google. While most people don't realize it, the BSSIDs that their smartphone "hears" get transmitted to a single company in Boston, Mass. The cell phone tower identifier gets transmitted as well, and if everything else fails, they will revert to simple IP geolocation databases.
The talk will focus on a few techniques for assigning GPS positions to you and will try to estimate trends and implications for society, law and law enforcement issues.

Saal1 14:00

Felix Domke: Blackbox JTAG Reverse Engineering

JTAG is an industry standard for accessing test-mode functionality in almost any complex microchip. While the basics of JTAG are standardized, the exact implementation details are usually undocumented. Nevertheless, JTAG often allows you to interact with the chip very deeply, which makes it very interesting, since it is often easily accessible thanks to the small pin count. This talk covers reverse engineering of JTAG interfaces when no or only limited documentation is available.

JTAG is an industry standard for accessing test-mode functionality, and is available on almost any complex microchip. It is often used for functional testing during wafer sort, board production, product development and service. While the basics of JTAG are standardized, the exact implementation details are usually not available in public datasheets. Very often, even after signing a vendor NDA, only limited parts of JTAG will be documented (like boundary scan and the CPU debug interface). JTAG, however, often allows a much deeper interaction with the chip, and often security is falsely established through obscurity by providing undocumented test modes. JTAG isn't only available on CPUs, but also on a lot of other peripherals, which turns them into an interesting target if they provide bus-master access to a system bus.
In the talk, I will cover:
- JTAG basics (electrical basics, the JTAG state diagram, boundary scan)
- Finding JTAG pins out of a bunch of unmarked testpoints
- Mapping the JTAG instruction space
- Finding useful test modes and using them for profit

Saal1 16:00

Audrey: Photography and the Art of Doing it Wrong

At its heart, photography is a ridiculous hack to make pictures from light. In the 170 years since Talbot and Daguerre, techniques have been cleaned up and simplified. A field that once demanded experimentation and had no clear way of doing it right, now attracts many who haven't a clue why it all works. Innovation and new techniques occur on the edges - they are the beautiful fragments scattered in disaster, the sloppy chaos of the unknown. Discovery happens by doing it wrong. Beyond the traditions, beyond the rules, there be dragons, and they are the best teachers of all.

In this talk, I will discuss the concept of fluency as it relates to photography, and how confidence in the medium is a direct result of doing it all wrong. Broken and inadequate equipment drives quick adaptation, because it has to work (in some definition of work) immediately. What are the absolute essentials of getting this photograph, right now? Right now is all there is.
With fluency comes greater experimentation. Knowing the rules of a medium means knowing how to break them effectively. Experimental artists, like hackers, use the flaws and weaknesses of their medium to bend it to their will. New techniques are often discovered by accident or through questioning "what happens if I...?" Over time, some of these techniques, like solarization and multiple exposures, have become standard. What happens out at the borders where things break, where things are unpredictable? I will share some of my own processes as well as some by other artists, both historical and contemporary.
Early photographers exploited the motion blur that resulted from long exposures (half-hour exposures were once the norm). Exposing a sheet of film more than once, intentionally or not, results in a composite image. Solarization, a partial darkening of highlight areas in a print or lightening of shadows in a negative, was made famous by the surrealist photographers Lee Miller and Man Ray. Even the corruption of digital files has been used for artistic effect. Something is only really a flaw until a suitable application is understood. To do it wrong, wholeheartedly, is to abandon the myth of perfection and predictability in favor of discovery.

Saal1 18:30

Frank Rieger, Ron: Closing Event

Saal2 11:30

Mathias Payer: secuBT

In the age of coordinated malware distribution and zero-day exploits security becomes ever more important. This paper presents secuBT, a safe execution framework for the execution of untrusted binary code based on the fastBT dynamic binary translator.

In the age of coordinated malware distribution and zero-day exploits security becomes ever more important. This paper presents secuBT, a safe execution framework for the execution of untrusted binary code based on the fastBT dynamic binary translator.
secuBT implements user-space virtualization using dynamic binary translation and adds a system call interposition framework to limit and guard the interoperability of binary code with the kernel.
Fast binary translation is a key component of user-space virtualization. secuBT uses and extends fastBT, a generator for low-overhead, table-based dynamic (just-in-time) binary translators. We discuss the most challenging sources of overhead and propose optimizations to further reduce these penalties. We argue for hardening techniques to ensure that the translated program cannot escape out of the user-space virtualization.
An important feature of secuBT is that only translated code is executed. This ensures code validity and makes it possible to rewrite individual instructions. The system call interposition framework validates every system call and offers the choice to
(i) allow it,
(ii) abort the program, or
(iii) redirect it to a user-space emulation.

Saal2 12:45

hunz: Finding the key in the haystack

The power consumption of a microcontroller depends on the actual data being processed. This renders current-based side-channel attacks possible: by recording and analyzing the current consumption of a microcontroller, one can recover secret keys. This can be done using Differential Power Analysis (DPA).

While smartcards and other tamper-resistant devices usually implement countermeasures to complicate this kind of attack, most consumer hardware isn't DPA-safe.
DPA will be explained by example in this talk: a non-hardened but conventional AES implementation running on a popular AVR microcontroller will be attacked. Real-world power data will be used for the analysis.
After explaining the basic idea and the way DPA works, the workflow will be described in detail along with the hardware/software requirements and the measurement setup. The measurement process will be explained as well.
Prior to analyzing the recorded data, the necessary theoretical foundations will be shown without going too much into mathematical details.
Common challenges one might encounter while mounting a DPA attack will be presented, as well as suitable approaches to cope with them.
It is the intention of this talk to show that all one needs to conduct a DPA is a half-decent digital storage oscilloscope (DSO) and a bit of electronics and software knowledge.

Saal2 14:00

"Intelligence Support Systems" stands for a wide range of hardware and software products made to intercept and analyze data from telecommunication and other data streams as well as data from surveillance technology. The talk will give a brief overview of how this industry works, to whom these products are available and what their capabilities are.

A whole industry has been growing, providing systems to intercept and analyse data from various sources, serving governments and other interested parties to improve surveillance on the subjects of interest formerly known as citizens.
This technology does not only change the way governments work; its implications for our rights to informational self-determination are fundamental. It does not only allow analysing and graphically viewing human behaviour, but also the behavioural changes in the context of interactions and events.
In this talk I do not only want to give an overview of the tools of intelligence support, but also raise the question of what kinds of escape from and protection against this type of democracy-killing technology are possible.

Saal3 12:45

Oliver Pritzkow, Sven Guckes: Lightning Talks - Day 4

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.

Give a lightning fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk!
Whatever you do - please practise it, and don't be boring. Or else. You have been warned! :-P

Saal3 16:00

Robert Helling: Hacking the universe

String theory is our best candidate for a "Theory of Everything". In this final theory, we begin to understand the nature of space and time. This is a light introduction to these ideas for the general nerd.

We will discuss mini black holes, extra dimensions and all plot devices of your favorite scifi story. Besides elementary particle physics (by the time of 26C3 the LHC should finally be running) and cosmology (what really happened at the Big Bang) I will also discuss the role of computers in this endeavor (after all, the WWW is the teflon pan of particle physics!).

Saal3 17:15

Public Viewing: Stream: Security Nightmares

What has happened during the last year in IT security? What new developments were there? Which new buzzwords and trends appeared?

As every year, we will dare to have a look at the year 2010 and even further, because after all that is what we really want to know: what will we have to deal with in the future? Additionally, we will check whether our forecasts from the previous year came true.